Remove Cerber2 – the New and Improved Variant of Cerber Ransomware

Important for Cerber2 victims! Files encrypted by Cerber2 may not be the only harm done to your computer. Cerber2 may still be active on your machine and may spread to other computers on your network. To detect if you are still at risk and eliminate the threat, we recommend downloading SpyHunter.


Cerber Ransomware has been recently reborn. It’s now raging around under the name of Cerber2 – its new and improved version. The new name, however, is not the only difference between the old and the new variants. Read further to find out how Cerber2 acts now and how you can remove it and restore your files.

Cerber2 Ransomware – How Does It Enter Your Computer?


Cerber2’s delivery method is no different from that of most ransomware viruses, including its predecessor. It spreads mainly via spam emails which contain an executable with the icon of “Anka” (a video game character), and once you open the file, Cerber2 downloads to your system and the infection begins. Other means of delivery, however, are also possible, e.g. social networks, file-sharing services, exploit kits, etc.

To trick users into opening a compromised email, cyber crooks usually use sender names that are familiar to the user, such as invoices from banks, popular websites, etc. We advise all users to be extra alert when checking their inboxes and when receiving files from suspicious senders. If you have the slightest doubt about the email or file you are about to open, don’t open it, as the ransomware will enter your system in the blink of an eye and scramble your important files for good.

Cerber2 Ransomware – What Does It Do?

Once you have clicked a compromised file containing Cerber2, it enters your system and gets activated just like its predecessor. It will then scan your whole system to look for files with the following extensions to encrypt them:

Cerber2 is capable of encrypting over 450 file types. You know your files have been locked by Cerber2 when they receive a .cerber2 extension at the end and the file names are replaced with names that consist of ten random characters.
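An added example, not part of the original article: a read-only triage script that walks a folder tree and counts the files that match the naming indicator described above, so you can see which folders were hit. The character set allowed in the ten-character name and the sample folder tree are assumptions constructed for this demonstration.

```python
import os
import re
import tempfile
from collections import Counter

# Indicator from the article: a ten-character name plus ".cerber2".
# Assumption: the ten characters are letters, digits, "_" or "-".
CERBER2_NAME = re.compile(r"^[A-Za-z0-9_-]{10}\.cerber2$", re.IGNORECASE)


def classify(filename):
    """Return 'match', 'extension_only' or None for one file name."""
    if CERBER2_NAME.match(filename):
        return "match"
    if filename.lower().endswith(".cerber2"):
        return "extension_only"  # right extension, unexpected name shape
    return None


def triage(root):
    """Walk root and count indicator hits per affected directory."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        counts = Counter(classify(f) or "clean" for f in files)
        if counts["match"] or counts["extension_only"]:
            report[os.path.relpath(dirpath, root)] = dict(counts)
    return report


def demo():
    """Build a constructed sample tree (empty files only) and triage it."""
    layout = {
        "Documents": ["a1B2c3D4e5.cerber2", "Zx_9-QwErT.cerber2", "notes.txt"],
        "Pictures": ["holiday.jpg"],
        "Desktop": ["report.docx.cerber2"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for folder, names in layout.items():
            os.makedirs(os.path.join(tmp, folder), exist_ok=True)
            for name in names:
                open(os.path.join(tmp, folder, name), "w").close()
        return triage(tmp)


if __name__ == "__main__":
    for folder, counts in sorted(demo().items()):
        print(folder, counts)
```

To check a real profile, call `triage()` with the folder path; it only reads directory listings and never opens or modifies files.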

After the file encryption, Cerber2 will scan for certain processes, and if they are active, it shuts them down:

excel.exe

infopath.exe

msaccess.exe

mspub.exe

onenote.exe

outlook.exe

powerpnt.exe

steam.exe

sqlservr.exe

thebat.exe

thebat64.exe

thunderbird.exe

visio.exe

winword.exe

wordpad.exe

As mentioned earlier, the name of this ransomware variant and the extensions its encrypted files receive are not the only differences between the Cerber and Cerber2 ransomware viruses. The most important improvement of the new one is that it no longer uses the AES-256 cipher as its main encryption technique. Rather, it uses Microsoft’s CryptGenRandom.

Cerber2 also has a list of anti-malware programs that it’s immune to. These programs are:

Arcabit

Arcavir

Avast

BitDefender

Bullguard

EmsiSoft

ESET

eTrust

F-Secure

G Data

Kaspersky Lab

LavaSoft

TrustPort

A countdown counter of a five-day “promotion” will then begin. The counter displays the deadline by which the victim has to pay the amount of 0.3 bitcoins (or 175 US dollars). If the victim does not make the transaction within 5 days, the amount doubles.

The ransom message reads like this:

Your documents, photos, databases, and other important files have been encrypted!
If you understand all importance of the situation then we propose to you to go directly to your personal page where you will receive the complete instructions and guarantees to restore your files.

Cerber2 Ransomware – Manual Removal

Although it may sound tempting to just pay the ransom and get a decryption key for your files, we strongly urge you not to do it. Paying the cyber criminals does not guarantee you a decryption key, nor does it ensure Cerber2’s removal. The virus will simply remain in your system and, regardless of whether you have your files back, it may strike again.

Paying the cyber crooks only encourages them to spread the infection. Instead, we suggest that you use a powerful anti-malware tool that will scan your system, detect the virus and remove it permanently from your system. Once Cerber2 ransomware is fully removed from your PC, you can try to recover some of your files via file recovery tools.